Vulnerabilities > Redhat > Satellite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
| 2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
| 2022-03-23 | CVE-2021-3589 | Missing Authentication for Critical Function vulnerability in multiple products An authorization flaw was found in Foreman Ansible. | 8.0 |
| 2021-12-23 | CVE-2021-3584 | OS Command Injection vulnerability in multiple products A server side remote code execution vulnerability was found in Foreman project. | 9.0 |
| 2021-12-16 | CVE-2021-42550 | Deserialization of Untrusted Data vulnerability in multiple products In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | 6.6 |
| 2021-12-08 | CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 7.3 |
| 2021-06-02 | CVE-2020-14371 | Information Exposure vulnerability in Redhat Satellite 6.0 A credential leak vulnerability was found in Red Hat Satellite. | 4.0 |
| 2021-06-02 | CVE-2020-14380 | Improper Authentication vulnerability in Redhat Satellite 6.7.2 An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. | 7.5 |
| 2021-06-02 | CVE-2020-14335 | Information Exposure vulnerability in Redhat Satellite 6.0 A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. | 5.5 |
| 2021-05-27 | CVE-2020-10716 | A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. | 6.5 |